At Mindbox we connect top IT talents with technology projects for leading enterprises across Europe.
We are looking for a DevSecOps Engineer to own and evolve our Jenkins Shared Library, powering multi-language builds (Java/Maven, Node/NPM, Python, Helm, Terraform, containers). You will deliver fast, secure, provenance-rich pipelines (SLSA, SBOM, digests) and strengthen supply-chain integrity across teams.
Sounds like your kind of challenge?
What you get in return
- Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
- Hybrid work setup – remote days available depending on the client’s arrangements – 6x in the office per month
- Collaborative team culture – work alongside experienced professionals eager to share knowledge
- Continuous development – access to training platforms and growth opportunities
- Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
What you'll be doing
- Design and maintain Groovy pipeline steps (build, test, package, scan, deploy)
- Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container)
- Optimize performance (parallel builds, caching, scope-reduced BOMs, dependency prefetch)
- Ensure artifact integrity (correct SHA1/SHA256 mapping, reproducible inputs, evidence modeling)
- Refactor legacy scripts (remove global state, consolidate hashing, standardize templates)
- Document ci-config.yaml standards and usage patterns
- Mentor engineers on secure pipeline development and supply-chain practices
- Troubleshoot and prevent pipeline incidents
Note: Detailed project information will be shared during the recruitment process.
Who we're looking for
- 7+ years of engineering experience; 3+ years in CI/CD platform or DevSecOps
- Strong Jenkins + Groovy shared library expertise
- Advanced Python automation (JSON/YAML processing, tooling scripts)
- Deep knowledge of Maven/NPM/Python packaging; exposure to Helm/Terraform and container image metadata
- Supply-chain security (SLSA, CycloneDX SBOM, digests)
- Experience with SonarQube, Sonatype IQ, container and SAST scanning
- Proven performance tuning (caching, parallelization, dependency pruning)
- Compliance awareness
Nice to have:
- Artifact signing / attestations (cosign, OCI)
- Terraform module and Helm chart publishing patterns
- GitOps or release automation experience
- GCP/AWS cloud experience
Joining this project you’ll become part of Mindbox – a tech-driven company where consulting, engineering, and talent meet to build meaningful digital solutions. We’ll back you up every step of the way, accelerate your development, and ensure your skills make a difference.
Ready to take the next step?
Submit your application! We look forward to reviewing your profile 😊
Know someone who might be a great fit?
Feel free to share this opportunity using the referral link: Mindbox Referrals System